Friday, April 10, 2020

Compare Malware Strings of 2 Files for Matches

# run strings on both malware samples
strings64.exe -n 8 malware1.exe > str1.txt
strings64.exe -n 8 malware2.exe > str2.txt

# put the results into 2 arrays
[string[]] $lines1 = Get-Content -Path str1.txt
[string[]] $lines2 = Get-Content -Path str2.txt

# sort the arrays
$lines1 = $lines1 | Sort-Object
$lines2 = $lines2 | Sort-Object

# find matches in the 2 lists (-contains compares case-insensitively)
# $matches is a PowerShell automatic variable, so the results go in $commonStrings
$commonStrings = @()
foreach ($str in $lines1) { if ($lines2 -contains $str) { $commonStrings += $str } }

Sample output
!This program cannot be run in DOS mode.
%VeriSign Class 3 Code Signing 2010 CA
%VeriSign Class 3 Code Signing 2010 CA0
%VeriSign Class 3 Code Signing 2010 CA0
... %d%%
.DEFAULT\Control Panel\International
\Microsoft\Internet Explorer\Quick Launch
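
An added example (not from the original post): the same comparison done with ordinal hash sets, which is case-sensitive (PowerShell's `-contains` is not), collapses duplicates such as the repeated VeriSign line in the sample output, and avoids rescanning the second list for every string. The function names `Read-StringSet` and `Get-SharedStrings`, their parameters, and the sample lines written to temporary files are constructed for illustration.

```powershell
# Added example, not from the original post. Names and sample data are assumptions.
function Read-StringSet {
    param([string] $Path, [int] $MinLength)
    $set = New-Object 'System.Collections.Generic.HashSet[string]' -ArgumentList ([System.StringComparer]::Ordinal)
    foreach ($line in Get-Content -Path $Path) {
        # Re-apply the minimum length so blank lines and short noise are skipped
        if ($line.Length -ge $MinLength) { [void]$set.Add($line) }
    }
    return , $set   # unary comma stops PowerShell from unrolling the set
}

function Get-SharedStrings {
    param(
        [Parameter(Mandatory)] [string] $Path1,
        [Parameter(Mandatory)] [string] $Path2,
        [int] $MinLength = 8
    )
    $set1 = Read-StringSet -Path $Path1 -MinLength $MinLength
    $set2 = Read-StringSet -Path $Path2 -MinLength $MinLength

    # Intersection of the two sets: exact (ordinal) matches, each listed once
    $shared = New-Object 'System.Collections.Generic.HashSet[string]' -ArgumentList ([System.StringComparer]::Ordinal)
    $shared.UnionWith($set1)
    $shared.IntersectWith($set2)

    $sorted = [string[]]@($shared)
    [Array]::Sort($sorted, [System.StringComparer]::Ordinal)
    [pscustomobject]@{
        Shared  = $sorted
        OnlyIn1 = $set1.Count - $shared.Count   # distinct strings seen only in file 1
        OnlyIn2 = $set2.Count - $shared.Count   # distinct strings seen only in file 2
    }
}

# Constructed sample data standing in for str1.txt and str2.txt
$tmp1 = [System.IO.Path]::GetTempFileName()
$tmp2 = [System.IO.Path]::GetTempFileName()
@('!This program cannot be run in DOS mode.',
  '%VeriSign Class 3 Code Signing 2010 CA0',
  '%VeriSign Class 3 Code Signing 2010 CA0',
  'ConstructedMutexName') | Set-Content -Path $tmp1
@('!This program cannot be run in DOS mode.',
  '%VeriSign Class 3 Code Signing 2010 CA0',
  'constructedmutexname') | Set-Content -Path $tmp2

$result = Get-SharedStrings -Path1 $tmp1 -Path2 $tmp2
$result.Shared
"unique to file 1: $($result.OnlyIn1), unique to file 2: $($result.OnlyIn2)"
Remove-Item $tmp1, $tmp2
```

Point `-Path1` and `-Path2` at `str1.txt` and `str2.txt` to run it on the real dumps.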
